Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: rename Cargo.toml -> Cargo.toml.hidden to fix cargo behavior #8

Merged
merged 1 commit into from
Dec 4, 2024
Merged

fix: rename Cargo.toml -> Cargo.toml.hidden to fix cargo behavior #8

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,4 @@ vendor
# nix build
/result*
.home
/ockam_ebpf_impl/Cargo.toml
7 changes: 7 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 2 additions & 1 deletion Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,12 @@ eBPF program used by Ockam Privileged Portals
[features]
default = []
# Build eBPF instead of downloading from artifacts
build = []
build = ["fs_extra"]
logging = []

[build-dependencies]
reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-native-roots", "blocking"] }
url = { version = "2.5.2" }
fs_extra = { version = "1.3.0", optional = true }

[lib]
64 changes: 63 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,63 @@
# ockam-ebpf
# ockam_ebpf

[![crate][crate-image]][crate-link]
[![docs][docs-image]][docs-link]
[![license][license-image]][license-link]
[![discuss][discuss-image]][discuss-link]

Ockam is a library for building devices that communicate securely, privately
and trustfully with cloud services and other devices.

This crate contains the eBPF part of Ockam Reliable TCP Portals.

### Build

This crate exposes eBPF binary through the `EBPF_BINARY` static constant in the root of the crate. That binary can be
used to attach Ockam eBPF to network devices.

### Features

By default, this crate ships a prebuilt eBPF binary downloaded from the corresponding GitHub release artifacts. This
allows to build Ockam without all the dependencies that are required to build eBPF.

* build - build the eBPF locally instead of downloading the prebuilt binary. This might be useful during development and debugging.
* logging - this will enable logs for eBPF. Note that eBPF sends logs to the user space using `AsyncPerfEventArray`, therefore it implies performance penalty.

```bash
cargo build
```

### Requirements to build eBPF

Please refer to [ockam_ebpf_impl/README.md](ockam_ebpf_impl/README.md)

### Requirements to use eBPF

Using ockam with eBPFs requires:
- Linux
- root (CAP_BPF, CAP_NET_RAW, CAP_NET_ADMIN, CAP_SYS_ADMIN)

## Usage

Add this to your `Cargo.toml`:

```
[dependencies]
ockam_ebpf = "0.5.0"
```

## License

This code is licensed under the terms of the [Apache License 2.0][license-link].

[crate-image]: https://img.shields.io/crates/v/ockam_ebpf.svg
[crate-link]: https://crates.io/crates/ockam_ebpf

[docs-image]: https://docs.rs/ockam_ebpf/badge.svg
[docs-link]: https://docs.rs/ockam_ebpf

[license-image]: https://img.shields.io/badge/License-Apache%202.0-green.svg
[license-link]: https://github.com/build-trust/ockam/blob/HEAD/LICENSE

[discuss-image]: https://img.shields.io/badge/Discuss-Github%20Discussions-ff70b4.svg
[discuss-link]: https://github.com/build-trust/ockam/discussions
35 changes: 28 additions & 7 deletions build.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,15 +7,35 @@ fn build_ebpf() {
use std::env;
use std::process::Command;

use fs_extra::dir::CopyOptions;

let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
let output_file = out_dir.join("ockam_ebpf");
let ebpf_subdir = out_dir.join("ebpf");

let target_dir = out_dir.join("ebpf");
let ockam_ebpf_impl_subdir = ebpf_subdir.join("ockam_ebpf_impl");
let ockam_ebpf_impl_target_subdir = ebpf_subdir.join("target");
let cargo_toml_hidden = ockam_ebpf_impl_subdir.join("Cargo.toml.hidden");
let cargo_toml = ockam_ebpf_impl_subdir.join("Cargo.toml");

// Delete the target dir for eBPF crate otherwise it doesn't want to recompile after files are
// Delete the directories for eBPF crate otherwise it doesn't want to recompile after files are
// updated
_ = std::fs::remove_dir_all(&target_dir);
std::fs::create_dir(&target_dir).unwrap();
_ = std::fs::remove_dir_all(&ebpf_subdir);

std::fs::create_dir(&ebpf_subdir).unwrap();
std::fs::create_dir(&ockam_ebpf_impl_subdir).unwrap();
std::fs::create_dir(&ockam_ebpf_impl_target_subdir).unwrap();

// Copy the impl crate contents to build it
fs_extra::copy_items(
&[PathBuf::from("./ockam_ebpf_impl")],
&ebpf_subdir,
&CopyOptions::new(),
)
.unwrap();

// Copy Cargo.toml.hidden to Cargo.toml
std::fs::copy(&cargo_toml_hidden, &cargo_toml).unwrap();

#[allow(unused_mut)]
let mut args = vec!["build", "--release"];
Expand All @@ -24,11 +44,11 @@ fn build_ebpf() {
args.extend_from_slice(&["-F", "logging"]);

let output = Command::new("cargo")
.current_dir(PathBuf::from("./ockam_ebpf_impl"))
.current_dir(&ockam_ebpf_impl_subdir)
.env_remove("RUSTUP_TOOLCHAIN")
.env_remove("RUSTC")
.args(&args)
.env("CARGO_TARGET_DIR", &target_dir)
.env("CARGO_TARGET_DIR", &ockam_ebpf_impl_target_subdir)
.output();

let output = match output {
Expand All @@ -42,7 +62,8 @@ fn build_ebpf() {
panic!("Couldn't compile eBPF");
}

let build_output_file = target_dir.join("bpfel-unknown-none/release/ockam_ebpf");
let build_output_file =
ockam_ebpf_impl_target_subdir.join("bpfel-unknown-none/release/ockam_ebpf");
std::fs::copy(build_output_file, output_file).expect("Couldn't copy ockam_ebpf file");
}

Expand Down
5 changes: 3 additions & 2 deletions ockam_ebpf_impl/Cargo.toml → ockam_ebpf_impl/Cargo.toml.hidden
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
[workspace]
[package]
name = "ockam_ebpf_impl"
version = "0.1.0"
Expand All @@ -7,9 +8,9 @@ edition = "2021"
homepage = "https://github.com/build-trust/ockam"
keywords = ["ockam", "crypto", "p2p", "cryptography", "encryption"]
license = "Apache-2.0"
publish = true
publish = false
readme = "README.md"
repository = "https://github.com/build-trust/ockam/implementations/rust/ockam/ockam_ebpf"
repository = "https://github.com/build-trust/ockam-ebpf/ockam_ebpf_impl"
rust-version = "1.70.0"
description = """
eBPF program used by Ockam Privileged Portals
Expand Down
65 changes: 13 additions & 52 deletions ockam_ebpf_impl/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,64 +1,25 @@
# ockam_ebpf
# ockam_ebpf_impl

[![crate][crate-image]][crate-link]
[![docs][docs-image]][docs-link]
[![license][license-image]][license-link]
[![discuss][discuss-image]][discuss-link]

Ockam is a library for building devices that communicate securely, privately
and trustfully with cloud services and other devices.

This crate contains the eBPF part of Ockam Reliable TCP Portals.
This crate is shipped as a part of `ockam_ebpf` crate rather than a stand-alone crate. Please refer to the ../README.md
for more information.

### Build

In order to build the crate it's required to copy `Cargo.toml.hidden` file and rename it to `Cargo.toml`. Note, that
`Cargo.toml` file is added to `.gitignore` and shouldn't be commited, instead all changes should be inside
`Cargo.toml.hidden` file. The reason for that is special cargo behaviour that doesn't allow including other crates as
part of a crate. Therefore, if `ockam_ebpf_impl` subdirectory has `Cargo.toml` file, that directory will be completely
ignored during `ockam_ebpf` crate release even if it's added to `include` field of root `Cargo.toml`.

```bash
cargo build-ebpf
cargo build
```
### Requirements

Building eBPFs have roughly following requirements:
- Linux
- Rust nightly
- Some dependencies to be installed

Because of that crate with the eBPF code is kept out of the workspace.
Example of a virtual machine to build it can be found in `ubuntu_x86.yaml`.

Using ockam with eBPFs requires:
- Linux
- root (CAP_BPF, CAP_NET_RAW, CAP_NET_ADMIN, CAP_SYS_ADMIN)

Example of a virtual machine to run ockam with eBPF can be found in `ubuntu_arm.yaml`.

eBPF is a small architecture-independent object file that is small enough,
to include it in the repo.

The built eBPF object should be copied to `/implementations/rust/ockam/ockam_ebpf/ockam_ebpf`,
from where it will be grabbed by `ockam_transport_tcp` crate.

## Usage

Add this to your `Cargo.toml`:

```
[dependencies]
ockam_ebpf = "0.1.0"
```

## License

This code is licensed under the terms of the [Apache License 2.0][license-link].

[main-ockam-crate-link]: https://crates.io/crates/ockam

[crate-image]: https://img.shields.io/crates/v/ockam_ebpf.svg
[crate-link]: https://crates.io/crates/ockam_ebpf

[docs-image]: https://docs.rs/ockam_ebpf/badge.svg
[docs-link]: https://docs.rs/ockam_ebpf

[license-image]: https://img.shields.io/badge/License-Apache%202.0-green.svg
[license-link]: https://github.com/build-trust/ockam/blob/HEAD/LICENSE

[discuss-image]: https://img.shields.io/badge/Discuss-Github%20Discussions-ff70b4.svg
[discuss-link]: https://github.com/build-trust/ockam/discussions
Because of that, crate with the eBPF code is kept out of the workspace.
Example of a virtual machine to build and run eBPF can be found in [ubuntu_arm.yaml](../vm/ubuntu_arm.yaml)
Loading